[eluser]n0xie[/eluser]
My two cents:
- Take a look at modules. It's a nice way to group related functionality together. To make your application truly modular, you need to think about decoupling and how you are going implement it.
- Think about your ACL beforehand. How/where do you want to check for permissions? The reason most developers write their own implementation is because the requirements for ACL can differ greatly between projects.
- Read about security issues with PHP in general. Get yourself familiarised with terms like XSS, CSRF, SQL injection and Session Hijacking. There are no silver bullets but there are a lot of good practices that can take care of 90% of the common exploits.
- Code defensively.